// Establish an SSH session from the PC command prompt to 192.168.2.1, logging in as user SSHadmin.
// The R2# prompt that follows is the router's privileged EXEC prompt; the password exchange is
// not shown in this transcript.
C:\>ssh -l SSHadmin 192.168.2.1
R2#
// Apply ACL 10 to ingress traffic on the VTY lines.
// ACL 10 is a standard ACL, so it matches on source address only. It holds a single permit
// entry, and every ACL ends with an implicit deny, so 192.168.3.3 is the only host allowed to
// open a remote management session on VTY lines 0-4.
// NOTE(review): the prompt is now R1; the transcript does not show how the session moved from R2.
// NOTE(review): only lines 0-4 receive the access-class. If this platform has further VTY lines
// (for example 5-15), they are not restricted by this step -- confirm on the device.
R1#config t
R1(config)#access-list 10 permit host 192.168.3.3
R1(config)#line vty 0 4
R1(config-line)#access-class 10 in
R1(config-line)#exit
// Configure ACL 120 to specifically permit and deny the specified traffic.
// ACL 120 is an extended ACL: entries are evaluated top-down and the first match decides.
//   - permit DNS (udp, port keyword "domain"), SMTP and FTP from any source to 192.168.1.3
//   - deny tcp/443 (HTTPS) from any source to 192.168.1.3
//   - permit SSH (tcp/22) from 192.168.3.3 to 10.1.1.1
// "eq ftp" matches the FTP control port only; no entry here covers the FTP data port.
// At this stage the implicit deny at the end of the ACL drops everything not listed above,
// including all ICMP.
R1#config t
R1(config)#access-list 120 permit udp any host 192.168.1.3 eq domain
R1(config)#access-list 120 permit tcp any host 192.168.1.3 eq smtp
R1(config)#access-list 120 permit tcp any host 192.168.1.3 eq ftp
R1(config)#access-list 120 deny tcp any host 192.168.1.3 eq 443
R1(config)#access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22
// Bind the ACL inbound on S0/0/0, so it filters packets arriving on that interface.
R1(config)#interface S0/0/0
R1(config-if)#ip access-group 120 in
R1(config-if)#exit
// "show access-list" is an EXEC command. Issued from global configuration mode without the
// "do" prefix it produces no listing (none is shown here), so it is repeated after "end".
R1(config)#show access-list
R1(config)#end
// Verify both ACLs. The leading numbers (10, 20, ...) are the sequence numbers that fix the
// evaluation order.
R1#show access-list
Standard IP access list 10
10 permit host 192.168.3.3
Extended IP access list 120
10 permit udp any host 192.168.1.3 eq domain
20 permit tcp any host 192.168.1.3 eq smtp
30 permit tcp any host 192.168.1.3 eq ftp
40 deny tcp any host 192.168.1.3 eq 443
50 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22
// Make any necessary changes to ACL 120 to permit and deny the specified traffic.
// The new entries are appended after the existing ones (sequence 60-90 in the output below):
//   - permit ICMP echo-reply and unreachable, so replies to pings sent from behind this
//     interface and unreachable notifications still arrive
//   - deny all other ICMP, which blocks echo requests arriving on S0/0/0
//   - permit ip any any as the last entry
// NOTE(review): the final "permit ip any any" replaces the implicit deny. From here on the ACL
// blocks only tcp/443 to 192.168.1.3 and ICMP other than echo-reply/unreachable; every other
// packet arriving on S0/0/0 is forwarded, and entries 10-30 and 50 no longer change the
// outcome. Confirm this default-permit policy is what the exercise intends.
// NOTE(review): "deny icmp any any" also drops ICMP time-exceeded messages, so traceroute
// through this interface will not receive hop replies.
R1(config)#access-list 120 permit icmp any any echo-reply
R1(config)#access-list 120 permit icmp any any unreachable
R1(config)#access-list 120 deny icmp any any
R1(config)#access-list 120 permit ip any any
R1(config)#exit
// Verify the result. The "(44 match(es))" counter on entry 40 shows that HTTPS packets to
// 192.168.1.3 have hit the deny entry; the other entries show no counter in this output.
R1#show access
Standard IP access list 10
10 permit host 192.168.3.3
Extended IP access list 120
10 permit udp any host 192.168.1.3 eq domain
20 permit tcp any host 192.168.1.3 eq smtp
30 permit tcp any host 192.168.1.3 eq ftp
40 deny tcp any host 192.168.1.3 eq 443 (44 match(es))
50 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22
60 permit icmp any any echo-reply
70 permit icmp any any unreachable
80 deny icmp any any
90 permit ip any any
// Configure ACL 110 to permit only traffic from the inside network.
// This step is done on R3. The single entry permits packets whose source address is in
// 192.168.3.0 with wildcard 0.0.0.255 (192.168.3.0-192.168.3.255); the implicit deny drops
// every other source. The effect is anti-spoofing: hosts behind the interface cannot send
// packets with a source address outside their own network.
// NOTE(review): packets dropped by the implicit deny get no match counter in
// "show access-list". An explicit final deny entry would make spoofed-source drops visible.
R3(config)#access-list 110 permit ip 192.168.3.0 0.0.0.255 any
// Apply the ACL to interface G0/1, inbound, so it filters packets entering the router there.
R3(config)#interface g0/1
R3(config-if)#ip access-group 110 in
R3(config-if)#end
// Configure ACL 100 to block all specified traffic from the outside network.
// Entries are evaluated top-down, so the permit on the first line must come before the
// "deny ip 10.0.0.0 ..." entry that would otherwise match the same packets.
R3#config t
// "eq 22" follows the source address, so it matches the SOURCE port: this permits TCP segments
// from port 22 on hosts in 10.0.0.0/8 to 192.168.3.3, i.e. return traffic from SSH servers.
// NOTE(review): without the "established" keyword, any TCP segment sourced from port 22 in
// 10.0.0.0/8 is permitted to any port on 192.168.3.3, including new connection attempts.
// Consider adding "established" if only replies are intended -- confirm against the exercise.
R3(config)#access-list 100 permit tcp 10.0.0.0 0.255.255.255 eq 22 host 192.168.3.3
// Drop packets arriving from outside whose source address should never be seen there:
// the private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, loopback 127.0.0.0/8, and
// 224.0.0.0 with wildcard 15.255.255.255 (224.0.0.0-239.255.255.255, the multicast range).
// NOTE(review): the 192.168.0.0/16 entry also drops packets sourced from the other 192.168.x.x
// addresses used on this page (192.168.1.3, 192.168.2.1) -- presumably intended; confirm.
R3(config)#access-list 100 deny ip 10.0.0.0 0.255.255.255 any
R3(config)#access-list 100 deny ip 172.16.0.0 0.15.255.255 any
R3(config)#access-list 100 deny ip 192.168.0.0 0.0.255.255 any
R3(config)#access-list 100 deny ip 127.0.0.0 0.255.255.255 any
R3(config)#access-list 100 deny ip 224.0.0.0 15.255.255.255 any
// Everything not denied above is forwarded; this entry replaces the implicit deny.
R3(config)#access-list 100 permit ip any any
// Bind ACL 100 inbound on S0/0/1, the interface facing the outside network per the step title.
R3(config)#interface s0/0/1
R3(config-if)#ip access-group 100 in
// The "do" prefix runs the EXEC-level show command without leaving configuration mode.
R3(config-if)#do show access-list
Standard IP access list 10
10 permit host 192.168.3.3
Extended IP access list 110
10 permit ip 192.168.3.0 0.0.0.255 any
Extended IP access list 100
10 permit tcp 10.0.0.0 0.255.255.255 eq 22 host 192.168.3.3
20 deny ip 10.0.0.0 0.255.255.255 any
30 deny ip 172.16.0.0 0.15.255.255 any
40 deny ip 192.168.0.0 0.0.255.255 any
50 deny ip 127.0.0.0 0.255.255.255 any
60 deny ip 224.0.0.0 15.255.255.255 any
70 permit ip any any